|
|
| (3 intermediate revisions by one other user not shown) |
| Line 1: |
Line 1: |
| The OpenNebula backend is bundled with rOCCI-server. Follow these steps to configure and activate it:
| | This page is no longer maintained. |
| <OL>
| |
| <LI>Make sure '''OpenNebula''' is '''already installed''' and '''running''' in your environment. Otherwise it is highest time to install it. Note that installation of OpenNebula is beyond the scope of this Admin Guide. You may find useful some of the available [http://opennebula.org/documentation/tutorials/ OpenNebula Tutorials].
| |
| </LI>
| |
| <LI>Create a <code>rocci</code> account for the rOCCI-server backend in OpenNebula and make it a member of the <code>oneadmin</code> group:
| |
| su - oneadmin
| |
| oneuser create rocci '<actual_password_edited_out>' --driver server_cipher
| |
| oneuser chgrp rocci oneadmin
| |
| exit
| |
| </LI>
| |
| <LI>Edit Virtual Host configuration file <code>/etc/apache2/sites-available/occi-ssl</code> or <code>/etc/httpd/conf.d/occi-ssl.conf</code>, respectively, and change the following:
| |
| <OL>
| |
| <LI>attribute <code>ROCCI_SERVER_BACKEND</code> must be set to <code>opennebula</code> as shown:
| |
| SetEnv ROCCI_SERVER_BACKEND opennebula
| |
| ''Note: Do not confuse with attribute <code>ROCCI_SERVER_BACKEND</code>; that has another purpose.''
| |
| </LI>
| |
| <LI>attribute <code>ROCCI_SERVER_ONE_PASSWD</code> must be set to give the password for the <code>rocci</code> user set up in the previous step:
| |
| SetEnv ROCCI_SERVER_ONE_PASSWD <actual_password_edited_out>
| |
| </LI>
| |
| <LI>Server name attributes must be set to the rOCCI server's ''fully qualified domain name''. Set <code>ROCCI_SERVER_HOSTNAME</code> and <code>ServerName</code> accordingly:
| |
| ServerName rocci-server.example.com
| |
| and
| |
| SetEnv ROCCI_SERVER_HOSTNAME rocci-server.example.com
| |
| ''Note: In case your rOCCI-server is not collocated with OpenNebula, these both need to point to the rOCCI-server. A different attribute is used to indicate the OpenNebula server.''
| |
| </LI>
| |
| </OL>
| |
| <LI>Restart the WebServer. You may skip this step if you are going to configure GridSite next.
| |
| {| border="2" style="border-collapse:collapse" cellpadding="5" width="100%"
| |
| ! width="50%" | APT-based distributions (Debian, Ubuntu, …)
| |
| ! RPM-based distributions (Scientific Linux, CentOS, …)
| |
| |-
| |
| |
| |
| service apache2 restart
| |
| |
| |
| service httpd restart
| |
| |-
| |
| |''Tested in Debian 7 Wheezy''
| |
| |''Tested in SL 6.5 Carbon''
| |
| |}
| |
| </LI>
| |
| </OL>
| |
| | |
| ==== Use with GridSite and VOMS (optional) ====
| |
| | |
| As long as your site is a part of the EGI [http://www.egi.eu/infrastructure/cloud/ Federated Cloud infrastructure], or another infrastructure relying on Virtual Organization Management Services (VOMS), you also need to install the [http://egee.cesnet.cz/cvsweb/SEC/GridSite_Install.pdf '''GridSite''' module for Apache].
| |
| | |
| <OL>
| |
| <LI>
| |
| Choose repository to install from. GridSite '''''is''''' available from standard distribution repositories (EPEL, Debian) but not always in its most recent versions. EGI's UMD repository may be a better source, especially if you are a part of EGI.
| |
| <OL>
| |
| <LI>Installing from standard distro repositories:
| |
| {| border="2" style="border-collapse:collapse" cellpadding="5" width="100%"
| |
| ! width="50%" | APT-based distributions (Debian, Ubuntu, …)
| |
| ! RPM-based distributions (Scientific Linux, CentOS, …)
| |
| |-
| |
| |
| |
| apt-get install -y gridsite
| |
| |
| |
| rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
| |
| yum install -y gridsite
| |
| |-
| |
| |''Tested in Debian 7 Wheezy''
| |
| |''Tested in SL 6.5 Carbon''
| |
| |}
| |
| </LI>
| |
| <LI>Installing from UMD:
| |
| {| border="2" style="border-collapse:collapse" cellpadding="5" width="100%"
| |
| ! width="50%" | APT-based distributions (Debian, Ubuntu, …)
| |
| ! RPM-based distributions (Scientific Linux, CentOS, …)
| |
| |-
| |
| |
| |
| UMD is currently only available for [http://repository.egi.eu/category/umd_releases/distribution/umd-3/ Debian 6 Squeeze]. If you cannot use the current GridSite version in Wheezy, and want a new one, contact [https://github.com/CESNET/gridsite/issues GridSite developers].
| |
| <!--
| |
| wget http://repository.egi.eu/sw/production/umd/UMD-DEB-PGP-KEY -O /tmp/umd.key
| |
| apt-key add /tmp/umd.key
| |
| wget https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3 -O /tmp/IGTF.key
| |
| apt-key add /tmp/IGTF.key
| |
| wget http://repository.egi.eu/sw/production/umd/3/debian/dists/squeeze/main/binary-amd64/umd-release-3.0.0_all.deb
| |
| dpkg -i umd-release-3.0.0_all.deb
| |
| apt-get update
| |
| apt-get install -y gridsite
| |
| -->
| |
| |
| |
| rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
| |
| yum install -y yum-priorities yum-protectbase
| |
| rpm -ivh http://emisoft.web.cern.ch/emisoft/dist/EMI/3/sl6/x86_64/base/emi-release-3.0.0-2.el6.noarch.rpm
| |
| yum install -y gridsite
| |
| |-
| |
| |''Tested in Debian 7 Wheezy''
| |
| |''Tested in SL 6.5 Carbon''
| |
| |}
| |
| </LI>
| |
| </OL>
| |
| </LI>
| |
| <LI>Make sure <code>mod_gridsite</code> is loaded when WebServer starts. If you are installing in accordance with the previous step, it is '''already OK'''. Otherwise, you may need to add a config file (see example in <code>/opt/rOCCI-server/examples/etc/apache2/mods-available/zgridsite.load</code>) and enable the module.
| |
| <!--
| |
| {| border="2" style="border-collapse:collapse" cellpadding="5" width="100%"
| |
| ! width="50%" | APT-based distributions (Debian, Ubuntu, …)
| |
| ! RPM-based distributions (Scientific Linux, CentOS, …)
| |
| |-
| |
| |
| |
| cp -n /opt/rOCCI-server/examples/etc/apache2/mods-available/zgridsite.load \
| |
| /etc/apache2/mods-available/
| |
| a2enmod zgridsite
| |
| |
| |
| cp -n /opt/rOCCI-server/examples/etc/apache2/mods-available/zgridsite.load \
| |
| /etc/httpd/conf.d/zgridsite.conf
| |
| |-
| |
| |''Tested in Debian 7 Wheezy''
| |
| |''Tested in SL 6.5 Carbon''
| |
| |}-->
| |
| </LI>
| |
| <LI>Activate GridSite in you Virtual Host's configuration file—<code>/etc/apache2/sites-available/occi-ssl</code> or <code>/etc/httpd/conf.d/occi-ssl.conf</code>, respectively.
| |
| <OL>
| |
| <LI>Add the following directives:
| |
| <pre>
| |
| ## variables (and is needed for gridsite-admin.cgi to work.)
| |
| GridSiteEnvs on
| |
| ## Nice GridSite directory listings (without truncating file names!)
| |
| GridSiteIndexes off
| |
| ## If this is greater than zero, we will accept GSI Proxies for clients
| |
| ## (full client certificates - eg inside web browsers - are always ok)
| |
| GridSiteGSIProxyLimit 4
| |
| ## This directive allows authorized people to write/delete files
| |
| ## from non-browser clients - eg with htcp(1)
| |
| GridSiteMethods ""
| |
| </pre>
| |
| </LI>
| |
| <LI>And change the value of the <code>SSLVerifyClient</code> attribute to <code>require</code>
| |
| SSLVerifyClient require
| |
| </LI>
| |
| <LI>Extend <code>SSLOptions</code> attribute with option <code>ExportCertData</code>:
| |
| SSLOptions +StdEnvVars +ExportCertData
| |
| </LI>
| |
| </OL>
| |
| </LI>
| |
| <LI>Make sure your ''VOMS'' settings are present, either in <code>/etc/vomses</code> or as <code>.lsc</code> files in the <code>/etc/grid-security/vomsdir</code> structure.</LI>
| |
| </LI>
| |
| <LI>Enable GridSite and restart the WebServer.
| |
| {| border="2" style="border-collapse:collapse" cellpadding="5" width="100%"
| |
| ! width="50%" | APT-based distributions (Debian, Ubuntu, …)
| |
| ! RPM-based distributions (Scientific Linux, CentOS, …)
| |
| |-
| |
| |
| |
| a2enmod zgridsite
| |
| service apache2 restart
| |
| |
| |
| service httpd restart
| |
| |-
| |
| |''Tested in Debian 7 Wheezy''
| |
| |''Tested in SL 6.5 Carbon''
| |
| |}
| |
| </LI>
| |
| </OL>
| |
The wiki is deprecated and due to be decommissioned by the end of September 2022.